Not sure if there are others who have faced this, and if there is a workaround, or an app to address below:
1. Even when the phone is locked, one can access the notification drawer, one can turn on/ off data, wifi etc.
2. The power key is usable to power off or restart the phone
This is a basic security issue as in the wrong hands they will perform above functions, and critical services like ‘Find my device’ won’t work. There are other obvious loopholes with above access
That's a very good spot, I didn't realise that you could do that. On my previous phones it wasn't possible to change these settings without unlocking the phone.
Meanwhile, I also found an easy way to avoid the security exposure from the notification drawer
Once you have unlocked the phone, click the Edit icon (beside the Settings icon) Move all the critical tiles so that they do not show up in the locked screen. These could include Mobile Data, Wifi, Location etc.
For rendering the power button unusable to power-off or restart the phone when locked, I'm using the Playstore app anti-Theft Security
I don't think this is a "Security concern" though...
Messing up with the connectivity etc does not expose your data or privacy in any way. Meaning no one can add, see or edit anything personal on the phone if it is locked and with an account.
The concern here is that if the locked phone were to land in wrong hands, then they'd shut off data etc. to stop tracking. And would also power it off
I found that with my suggestions above, you could reduce a lot of fiddling. But the mischief maker will still use the hard boot option with Vol-UP & Power key
Yet, measures mentioned above will reduce the options for foulplay